this post was submitted on 29 Nov 2023
158 points (96.5% liked)

Privacy

31856 readers
235 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Two questions.

My family insist on using Whatsapp for the family chats. I have to keep a copy on a device just so I can communicate with them. I do so under protest, as I was always told it isn't secure. My brother has just said

"oh Whatsapp is encrypted, it's perfectly secure".

First, is it actually as encrypted and safe as my brother claims? That would solve everything.

Second, if it isn't, where can I get some proof that we should switch to Telegram or whatever? Proof which doesn't make me look like a raving loony?

you are viewing a single comment's thread
view the rest of the comments
[–] otter@lemmy.ca 102 points 11 months ago* (last edited 11 months ago) (6 children)

My understanding is that it IS encrypted, and its supposed to use the Signal protocol (Signal developed it and released it for others to use)

The problems are with

  • metadata (like the other comment explained)
  • closed source, so we take their word on it for how it works. It's possible they're being misleading or doing something shady

See this image from a few years ago:

Note that signal does require this, which isn't in the chart:

  • phone number (for now)
  • last active date
  • sign up date (I think)
[–] otter@lemmy.ca 27 points 11 months ago* (last edited 11 months ago) (1 children)

Oh also @Thisfox@sopuli.xyz

Instead of Telegram, consider one of these, it's easier to switch to the good one now than to try and switch again later.

https://www.privacyguides.org/en/real-time-communication

Signal works great for my family

[–] Thisfox@sopuli.xyz -1 points 11 months ago* (last edited 11 months ago) (1 children)

I have been using Telegram for.... A really long time. A decade? Maybe not that long. But yeah, no reason to change from what works for me. You're right about that.

Signal and Matrix(?) and the others all seem to be a recent development, and although I have downloaded a few, no one else has them or has heard of them, so their directories are empty as I have never found anyone who wants to connect that way. It means I don't know how to use or teach older people how to use the software. I am trying to find a simple evidence-based way to encourage my family to change their minds, but it appears it will only make me look paranoid, so probably won't try.

[–] otter@lemmy.ca 1 points 11 months ago* (last edited 11 months ago)

That's fair enough, it's really location based. Around where I am, telegram isn't that popular. I've met a few people using Signal and I have friends/collegues pop up in the "____ has Signal" section of the app.

We don't really have a dominant chat app around here, there's a good mix of messenger/instagram/iMessage, with some groups sticking to Whatsapp/WeChat/Viber.

I am trying to find a simple evidence-based way to encourage my family to change their minds, but it appears it will only make me look paranoid

I think part of it is because it's hard to convince people without first explaining how things work. Not much use in worrying about it if you can't, just look out for yourself. What you COULD do is to use the private option when you need to talk about something sensitive. If the app is installed on their phone then they're more likely to use it, and even if not then you're looking out for yourself

[–] jet@hackertalks.com 15 points 11 months ago* (last edited 11 months ago)

Corporations love to lie with almost truths, or incomplete truths. So sure it might be end-to-end encrypted between two users, and each message is also signed with a special key that the corporation can view, or that some trusted third party carnivore system could view. That means they didn't lie, it is end to end encrypted, it's just three-way encrypted instead of two-way encrypted.

Or it is end-to-end encrypted across the network, but the edge devices, ie the phones, have search capabilities built into them to deliver the messages back to the organization based on some match capability.

And as other people indicated, closed source you don't know what's happening, you don't know what's changing, you just don't know

[–] pylapp@programming.dev 3 points 11 months ago (2 children)

Interesting! Do you remember where you got this chart?

[–] otter@lemmy.ca 3 points 11 months ago* (last edited 11 months ago)
[–] elvith@feddit.de 1 points 11 months ago

These are just screenshots of the data privacy section from the Apple AppStore of each of the apps. Afaik those are mandatory & self reported by the devs of the app.

[–] Agent641@lemmy.world 1 points 11 months ago* (last edited 11 months ago)

I do not consent to Signal knowing about my empty box

[–] ultratiem@lemmy.ca 1 points 11 months ago

iMessage definitely has more hooks in than those listed. It’s an integral Apple service that’s hooked into your deeper iCloud account. And because of that, they know a lot more than just a mere “chat” app would get access to. Which likely makes it harder to quantify.

Moreover, Meta and Alphabet also cross reference a lot of data points from all the other sources they have (cookies, IP logs, etc.). Again making actual data points fuzzy or incomplete.